...
| Note |
|---|
One of the main advantages of CSP is protection against inline script execution and calls to the JavaScript eval() and function() routines, so this is not generally recommended and we strongly recommended that you also include other directives such as only loading JavaScript from a trusted domain, using SSL, and adding directives to only load resources of over HTTPS. For more info, see here. |
...